docmain.css" /> HTTPS Certificate Utility - Installation Guide

HTTPS Certificate Utility

The HTTPS Certificate Utility manages the default servlet runner certificate. Use this utility to install or update a certificate for the HTTP server functionality that is included with the Management and Security Server. This certificate enables clients to establish secure connections (HTTPS) to the services provided by the Management and Security Server. (Other certificates are managed differently.)

Beginning in version 12.4.2, the HTTPS Certificate Utility can be used to create a private key and generate a Certificate Signing Request (CSR). You can then import the signed certificate and the private key.

Running the HTTPS Certificate Utility

The HTTPS Certificate Utility can be run at any time. To run this utility, Management and Security Server must have been installed using an automated installer or multi-component manual installation file.

  1. Verify that you used the HTTP Server functionality that was provided during installation.

  2. Run the utility (HttpsCertificateUtility.exe or HttpsCertificateUtility).

    Windows systems:

    [MssServerInstall]\utilities\bin\HTTPSCertificateUtility.exe

    Linux or UNIX systems:

    [MssServerInstall]/utilities/bin/HTTPSCertificateUtility

  3. Follow the prompts in the utility, and select a certificate action:

    • Generate a new key pair and self-signed certificate.

    • Generate a new private key and Certificate Signing Request.

    • Import a certificate and private key.

    • Import the Management and Security Server certificate and private key.

NOTE:When needed, the HTTPS Certificate Utility can be run in console mode by using the -console application argument.

Alternative approaches

  • Instead of running the HTTPS Certificate Utility, you can run the Initial Configuration Utility to generate cryptographic keys and self-signed certificates for the provided servlet runner. Use of either utility will overwrite any existing keys.

  • You can configure Management and Security Server to use either a self-signed certificate, or a CA-signed SSL server certificate. For details regarding CA-signed certificates, see Technical Note 1702.

Requiring HTTPS in the Administrative Server

Once your server supports HTTPS, use the Administrative WebStation to restrict the Administrative Server to the HTTPS protocol.

  1. In the Administrative WebStation, click Security Setup > Security.

  2. In the Administrative server access protocol section, select the Require HTTPS - recommended check box.

  3. Click Save Settings.